chore: bump GitHub Actions to current major versions

Pure version bumps; workflow behavior is unchanged.

- actions/checkout              v3 -> v5
- actions/setup-python          v3 -> v5
- github/codeql-action/{init,autobuild,analyze}  v2 -> v3
- pypa/gh-action-pypi-publish   SHA-pinned -> v1.14.0 SHA, with
  trailing version comment for human readability

The @v3 actions ran on the deprecated Node 16 runtime; @v5 (and
codeql-action @v3) all use Node 20, the current GitHub-supported
runtime. Third-party pypa publish action stays SHA-pinned for
supply-chain safety.

Closes #34

0 files changed, 0 insertions, 0 deletions